Nmap Development mailing list archives

[OT] How To Ask Questions The Smart Way - Re: Question about timings


From: kx <kxmail () gmail com>
Date: Sat, 18 Mar 2006 22:47:33 -0500

Ron,
  I have an itching feeling that your post might just get ignored.
But, I am feeling helpful (and verbose) tonight so here are a few
pointers, and this might help anyone posting to the nmap-dev list in
the future.  These are my opinions solely, and Fyodor may just trounce
this later, but these are guidelines I've tried to follow while
posting here and elsewhere... and has generally been received well.

  While I think the nmap-dev community is pretty helpful, and Fyodor
is one of the most accessible hacker rock stars out there, realize
that the "hacker" and open source development community is pretty
snobby and elitist. Not because we all think we are l33t (I definitely
am not), but because we have full time jobs, do this as a hobby, and
in many cases, would charge big bucks in our real jobs to answer a
question like yours.  So to start, I recommend taking a look at ESR's
"How To Ask Questions The Smart Way"
http://catb.org/~esr/faqs/smart-questions.html. "How To Become A
Hacker" http://www.catb.org/~esr/faqs/hacker-howto.html is also some
great reading and is relevant as well. Fyodor recommends it on his
good reading list.

  So let's look at a few things, from the "questions" article:

"Before You Ask"
http://catb.org/~esr/faqs/smart-questions.html#before

"When you ask your question, display the fact that you have done these
things first; this will help establish that you're not being a lazy
sponge and wasting people's time. Better yet, display what you have
learned from doing these things. We like answering questions for
people who have demonstrated they can learn from the answers."

In your question, you showed a little understanding of what you know,
but in no way demonstrated what you did to figure it out. Have you
searched the nmap-dev archives? Have you read the man pages,
especially: http://www.insecure.org/nmap/man/man-performance.html

Have you run your own experiments in detail, and if so, what options
did you set and what effects did they have?

For example, in my quick experiment before this post, I had these
results scanning from a Windows XP SP2 machine:

nmap -sS 192.168.1.1

Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:18 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)

Nmap finished: 1 IP address (1 host up) scanned in 4.657 seconds

nmap -sT 192.168.1.1

Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:01 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)

Nmap finished: 1 IP address (1 host up) scanned in 94.641 seconds

A SYN scan is dramatically faster in my scans of my home router using
the default nmap settings.  Posting a similar output, as well as
providing information about your setup, would have dramatically aided
in answering your question. In fact, you may have found some scanning
setup, target OS, or options combination where a SYN scan was slower
than a Connect scan, and we would want to investigate the reason why
further, as it may aid other nmap users.

"Choose your forum carefully" - While nmap-dev is an authoritative
source, it is generally for technical development related discussions.
Did you read the "About this list" page?
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Perhaps the Security Basics mailing list might be a more appropriate
forum? http://www.securityfocus.com/archive/105/description "it is
also an excellent resource for the beginner who wants a
non-threatening place to learn the ropes."

And finally, perhaps the most relevant section: "Don't post homework questions"

So here are my pointers. If you haven't been exposed to it already in
school, I recommend understanding the scientific method:
http://en.wikipedia.org/wiki/Scientific_method

Read through the nmap manual, it isn't that long and it is essential
if you want to understand what you are actually doing when using nmap.
I've also enjoyed "Secrets of Network Cartography: A Comprehensive
Guide to nmap" http://www.networkuptime.com/nmap/index.shtml

I highly recommend using a packet sniffer like Ethereal
http://www.ethereal.com/ when observing and understanding port
scanners.

Hope that helps, and best of luck on your assignment.  You did pick a
great topic.

Cheers,
  kx

On 3/18/06, Ron <iago () valhallalegends com> wrote:
Hello,

I'm doing a school project on port mapping (why not?), and I was looking
at the timings for different scans.  I noticed that a SYN scan (-sS)
takes a little bit more time than a Connect scan (-sT).  Does anybody
know why?  I figured that -sS would be faster because it uses fewer
packets, but apparently that's not the case.

Thanks
Ron


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev



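Editor's added example (not part of the thread above, and not nmap project code): kx's point is that a useful timing question comes with the raw output of both scans so the numbers can be compared. The script below parses nmap's normal output for the three things that matter in such a comparison: the elapsed time, the open ports, and the state nmap assigned to the ports it did not list. That last field is the interesting one in kx's own paste: the SYN scan reports the unlisted ports as "closed" (each one answered), while the connect scan reports them as "filtered" (no usable answer arrived, so nmap waited out its timeouts), which is consistent with the 4.7 s versus 94.6 s difference. The two sample outputs are kx's results copied from the post and embedded here as constructed test input; the scan labels "-sS" and "-sT" are supplied by hand because normal output does not echo the command line.

```python
"""Parse nmap "normal" output and compare two scans of one target.

Added example for the nmap-dev thread above; not nmap's own code.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: kx's two scans from the post, as pasted.
SYN_SCAN = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:18 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)

Nmap finished: 1 IP address (1 host up) scanned in 4.657 seconds
"""

CONNECT_SCAN = """\
Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:01 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)

Nmap finished: 1 IP address (1 host up) scanned in 94.641 seconds
"""

_TARGET = re.compile(r"^Interesting ports on (.+?):\s*$", re.M)
_NOT_SHOWN = re.compile(
    r"^\(The (\d+) ports scanned but not shown below are in state: (\w+)\)", re.M)
_PORT = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)", re.M)
_ELAPSED = re.compile(r"scanned in ([\d.]+) seconds")


@dataclass
class ScanReport:
    target: str
    elapsed: float            # wall-clock seconds reported by nmap
    not_shown: int            # count of ports summarised in one line
    not_shown_state: str      # "closed" (answered) vs "filtered" (no answer)
    ports: dict = field(default_factory=dict)  # "80/tcp" -> (state, service)


def parse_nmap_normal(text):
    """Extract target, timing, summarised-port state and listed ports."""
    target = _TARGET.search(text)
    not_shown = _NOT_SHOWN.search(text)
    elapsed = _ELAPSED.search(text)
    if not (target and not_shown and elapsed):
        raise ValueError("not recognisable nmap normal output")
    ports = {m.group(1): (m.group(2), m.group(3)) for m in _PORT.finditer(text)}
    return ScanReport(
        target=target.group(1),
        elapsed=float(elapsed.group(1)),
        not_shown=int(not_shown.group(1)),
        not_shown_state=not_shown.group(2),
        ports=ports,
    )


def compare_scans(label_a, a, label_b, b):
    """Compare two reports of the same target scanned with different options.

    Refuses to compare runs that did not see the same target and the same
    set of listed ports, since a timing difference between two different
    scans tells you nothing about the scan type.
    """
    if a.target != b.target or set(a.ports) != set(b.ports):
        raise ValueError("reports are not comparable: target or port set differs")
    (fast_label, fast), (slow_label, slow) = sorted(
        [(label_a, a), (label_b, b)], key=lambda pair: pair[1].elapsed)
    return {
        "faster": fast_label,
        "slower": slow_label,
        "ratio": slow.elapsed / fast.elapsed,
        # A change in the summarised state is the first thing to explain:
        # "filtered" means nmap got no answer and sat through timeouts.
        "state_differs": a.not_shown_state != b.not_shown_state,
        "states": {label_a: a.not_shown_state, label_b: b.not_shown_state},
    }


if __name__ == "__main__":
    syn = parse_nmap_normal(SYN_SCAN)
    con = parse_nmap_normal(CONNECT_SCAN)
    result = compare_scans("-sS", syn, "-sT", con)
    print(f"{result['faster']} was {result['ratio']:.1f}x faster than {result['slower']}")
    print("unlisted-port states:", result["states"])
```

Run it against your own two outputs (same target, same port list, same timing template) and, as kx asks, paste both raw outputs and the comparison rather than a one-line impression; if the summarised state flips between "closed" and "filtered", that is where to start looking for the time difference.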

